SECURITY UPDATE -- May 3, 2004 -- UPGRADE IMMEDIATELY!


Dear CSLH user,

A team of hackers is exploiting a security hole in the text-based database files of the CSLH program. The hole exists in all versions prior to 2.7.1.

Everyone using 2.7.0 or below is urgently advised to upgrade to the latest release.

The vulnerability allows remote attackers to execute arbitrary commands on the server CSLH is hosted on. This is a major security breach and should be avoided at all costs.

If you installed my program using Fantastico for cPanel, Power tools from Ensim, or you installed it yourself using a MySQL database, you can stop this attack NOW by removing the directory named "txt-db-api" and all files under that directory in your installation of Crafty Syntax Live Help. That directory is used for the text-based database, which is not used if you are running Crafty Syntax Live Help using MySQL.

If you installed using the txt-db-api, you can fix this issue by uncommenting the lines that define $API_HOME_DIR and $DB_DIR in txt-db-api.php and setting them to what they are defined as in config.php. Just copy over the $API_HOME_DIR and $DB_DIR definitions from config.php to your txt-db-api.php file.

I have uploaded a new version of the program with the patch at cslh.com.

To download the newest version, visit cslh.com:

http://cslh.com/installation.php

I have been working really diligently on version 3.0, which I will try to focus on carefully to make sure that there are no SQL injections or register globals issues and that there is a solid data structure. Already about 80 hours of programming has gone into CSLH version 3.0 and I hopefully plan on releasing it soon. If you get this message before about 2am Hawaii time today you can see it in action by talking to me online at the installation page:

http://cslh.com/installation.php

If you have any questions, please visit the installation page and click on the live help icon. I should be online for the next few hours, until about 2am.

- Eric Gerdes

Crafty Syntax Live Help
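
The two fixes described in the advisory above can be checked per installation with a short script. This is an added example, not code from CSLH or its author. It assumes that txt-db-api.php sits inside the txt-db-api directory, that config.php is in the installation root, and that each definition is a single `$VAR = ...;` line; the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example (not CSLH code): check an install against the advisory's fixes.
# Assumptions: txt-db-api.php is inside txt-db-api/, config.php is in the root.

# Print the value assigned to $VAR on the first uncommented assignment in FILE.
# Lines starting with // or # do not match; /* */ block comments are not parsed.
get_def() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*\(.*\);.*/\1/p" "$1" |
        head -n 1
}

# Print a status for the install rooted at DIR:
#   removed   - txt-db-api directory is gone (the fix for MySQL installs)
#   undefined - a definition is missing or still commented out
#   mismatch  - a definition is active but differs from config.php
#   defined   - both definitions are active and match config.php
audit_cslh() {
    root="$1"
    api="$root/txt-db-api"
    [ -d "$api" ] || { echo "removed"; return 0; }
    status="defined"
    for var in API_HOME_DIR DB_DIR; do
        have=$(get_def "$api/txt-db-api.php" "$var")
        want=$(get_def "$root/config.php" "$var")
        if [ -z "$have" ]; then
            status="undefined"
            break
        elif [ "$have" != "$want" ]; then
            status="mismatch"
        fi
    done
    echo "$status"
}

# Audit every installation directory given on the command line.
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(audit_cslh "$d")"
done
```

A result of "undefined" or "mismatch" means the second fix has not been applied as described; the script cannot tell whether an install uses MySQL, so whether the directory should be removed instead remains the administrator's call.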